Static task: static1
Behavioral task: behavioral1
  Sample: c543729d7a6be673cd81457090a044a4c5521bc51f70e6e627355175ecad4a18.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: c543729d7a6be673cd81457090a044a4c5521bc51f70e6e627355175ecad4a18.exe
  Resource: win10v2004-20220812-en
General
- Target: c543729d7a6be673cd81457090a044a4c5521bc51f70e6e627355175ecad4a18
- Size: 1.1MB
- MD5: 926930237dd203306b7f1e5f8b4faa38
- SHA1: d2c0dc679b3db1c752f7f7105c18872469c592ea
- SHA256: c543729d7a6be673cd81457090a044a4c5521bc51f70e6e627355175ecad4a18
- SHA512: 29bfc4792f9181d5c885647462a70b00401cd515bf85bf4389e6013f82a996b879ddcb6ea763f5634622afe35ebc349384333fec412e27b642de0df9649cf6a0
- SSDEEP: 12288:5ZvhtqTRl6Xm6kqYVRaFQcYPHh+IaF/jyaQGQ0FbH0P:5Zhtqj6XhkfqqcYeM0a
Malware Config
Signatures
Files
- c543729d7a6be673cd81457090a044a4c5521bc51f70e6e627355175ecad4a18.exe (windows x86) 4bfa3ffa3e87a2e99698809e8f0e8ee0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
ntdll
iswctype
wcsstr
swprintf
wcscat
wcscpy
wcslen
wcschr
wcsncpy
wcscmp
_wcsicmp
_chkstk
memmove
wcspbrk
towupper
_wtoi
_aulldiv
_aullrem
wcsncmp
isdigit
wcsrchr
wcscspn
_aullshr
NtQueryQuotaInformationFile
strncpy
vsprintf
_wcslwr
_allmul
_wcsupr
NtSetQuotaInformationFile
_alldiv
isspace
isalpha
_ftol
isupper
RtlUnwind
_allshl
_wcsnicmp
NtQueryVolumeInformationFile
wcstoul
islower
wcsncat
comctl32
DestroyPropertySheetPage
ImageList_GetIcon
ImageList_GetImageCount
InitCommonControlsEx
CreatePropertySheetPageW
ImageList_ReplaceIcon
ImageList_AddMasked
PropertySheetW
shell32
SHGetMalloc
SHGetPathFromIDListW
SHGetDesktopFolder
SHGetFileInfoW
ExtractIconExW
SHGetFolderPathW
SHGetSpecialFolderLocation
mpr
WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW
WNetGetConnectionW
WNetAddConnection2W
WNetCancelConnection2W
comdlg32
GetFileTitleW
netapi32
NetShareEnum
NetWkstaGetInfo
NetShareAdd
NetShareDel
NetApiBufferSize
NetServerEnum
NetApiBufferFree
NetShareGetInfo
rpcrt4
RpcRaiseException
NdrClientInitializeNew
UuidFromStringW
UuidToStringW
NdrPointerUnmarshall
NdrPointerMarshall
NdrPointerBufferSize
NdrConvert
NdrFreeBuffer
NdrSendReceive
RpcStringBindingComposeW
RpcNetworkIsProtseqValidW
RpcBindingFromStringBindingW
NdrGetBuffer
RpcBindingFree
RpcStringFreeW
RpcBindingSetAuthInfoW
RpcEpResolveBinding
ole32
CoCreateGuid
CoUninitialize
CoTaskMemFree
CoCreateInstance
StringFromGUID2
CLSIDFromString
CoInitializeEx
setupapi
SetupOpenInfFileW
SetupFindNextLine
SetupGetLineTextW
SetupFindFirstLineW
SetupGetIntField
SetupGetStringFieldW
SetupCloseInfFile
userenv
GetProfilesDirectoryW
ntmsapi
AllocateNtmsMedia
EnumerateNtmsObject
SetNtmsObjectAttributeW
SetNtmsObjectInformationW
GetNtmsObjectInformationW
CloseNtmsSession
GetNtmsObjectSecurity
SetNtmsObjectSecurity
OpenNtmsSessionW
SetNtmsDeviceChangeDetection
MountNtmsMedia
CreateNtmsMediaPoolW
EndNtmsDeviceChangeDetection
DeleteNtmsMediaPool
BeginNtmsDeviceChangeDetection
GetNtmsObjectAttributeW
MoveToNtmsMediaPool
UpdateNtmsOmidInfo
ImportNtmsDatabase
InjectNtmsMedia
AccessNtmsLibraryDoor
DeallocateNtmsMedia
DeleteNtmsMedia
OpenNtmsNotification
CloseNtmsNotification
WaitForNtmsNotification
EjectNtmsMedia
DismountNtmsMedia
ExportNtmsDatabase
clusapi
CloseCluster
BackupClusterDatabase
GetNodeClusterState
OpenCluster
query
SetCatalogState
sfc
SfcGetNextProtectedFile
mfc42u
ord4211
ord2634
ord2859
ord6211
ord6191
ord5977
ord1662
ord986
ord3087
ord1229
ord1143
ord4154
ord2613
ord4155
ord411
ord334
ord823
ord1165
ord6113
ord2717
ord5746
ord535
ord641
ord858
ord4272
ord539
ord5568
ord2914
ord942
ord2910
ord1172
ord4124
ord2606
ord5679
ord4270
ord5261
ord4370
ord4847
ord4992
ord6330
ord6048
ord4073
ord1767
ord4401
ord5237
ord2377
ord5157
ord6370
ord4347
ord5276
ord3793
ord4831
ord4435
ord2640
ord2047
ord6372
ord3744
ord5059
ord1720
ord5257
ord2438
ord2116
ord2506
ord4621
ord4419
ord3592
ord324
ord3621
ord3658
ord795
ord2406
ord2810
ord3092
ord5949
ord6195
ord4704
ord4229
ord4604
ord3871
ord3282
ord771
ord5273
ord1008
ord940
ord538
ord1560
ord268
ord927
ord922
ord861
ord5727
ord6399
ord2504
ord4606
ord5124
ord6371
ord2809
ord609
ord692
ord6051
ord1768
ord5286
ord3716
ord3614
ord567
ord755
ord6168
ord5871
ord6193
ord470
ord2371
ord648
ord2644
ord2855
ord5047
ord765
ord500
ord772
ord5856
ord5602
ord4273
ord537
ord3566
ord2090
ord2088
ord2858
ord5846
ord2400
ord3172
ord2507
ord941
ord355
ord2755
ord4442
ord4665
ord4670
ord4975
ord1851
ord4241
ord3864
ord2119
ord2715
ord2383
ord3054
ord5096
ord5099
ord4298
ord3345
ord5006
ord975
ord5468
ord3398
ord2875
ord2873
ord4148
ord4072
ord5233
ord2375
ord5280
ord2641
ord1658
ord4431
ord4422
ord796
ord6237
ord529
ord402
ord674
ord807
ord5867
ord2486
ord2619
ord2618
ord6063
ord5996
ord2109
ord4279
ord5879
ord4143
ord2112
ord4451
ord4078
ord4718
ord4669
ord4678
ord2078
ord4294
ord6205
ord5048
ord4901
ord4584
ord4356
ord6065
ord3479
ord4407
ord5251
ord4462
ord5848
ord2250
ord3084
ord4215
ord2576
ord3649
ord2430
ord6266
ord1637
ord4495
ord3865
ord3792
ord656
ord802
ord542
ord1085
ord5605
ord2756
ord4199
ord1833
ord4583
ord4582
ord4893
ord4364
ord4886
ord4527
ord5070
ord4334
ord1634
ord2776
ord4525
ord4539
ord4537
ord4520
ord4523
ord4518
ord4957
ord4954
ord4103
ord6050
ord5236
ord5277
ord3743
ord1718
ord5256
ord2083
ord4426
ord2579
ord4400
ord3389
ord3724
ord364
ord784
ord804
ord2294
ord4236
ord4282
ord4714
ord3190
ord554
ord4690
ord3053
ord3060
ord6332
ord2502
ord2534
ord5239
ord5736
ord1739
ord5573
ord3167
ord5649
ord4414
ord4947
ord4852
ord2391
ord4381
ord3449
ord3193
ord6076
ord6171
ord4617
ord4420
ord2567
ord4390
ord3397
ord3569
ord801
ord541
ord6139
ord2070
ord3753
ord3403
ord3222
ord3049
ord3420
ord3875
ord939
ord935
ord929
ord5857
ord3050
ord834
ord3805
ord4128
ord4292
ord5784
ord5783
ord283
ord472
ord5929
ord4988
ord919
ord501
ord773
ord6004
ord3605
ord2403
ord2015
ord4213
ord2570
ord4392
ord3577
ord616
ord2729
ord5267
ord2281
ord2362
ord5906
ord2970
ord5647
ord3611
ord3122
ord665
ord1971
ord3597
ord6381
ord5180
ord350
ord354
ord1850
ord4240
ord5095
ord2093
ord2382
ord5094
ord5098
ord3346
ord2874
ord4147
ord2374
ord4430
ord2437
ord4421
ord401
ord5250
ord4461
ord976
ord4494
ord5279
ord2236
ord5031
ord5597
ord2574
ord4396
ord3365
ord3635
ord693
ord794
ord527
ord3476
ord2244
ord4502
ord5268
ord2293
ord1808
ord5677
ord3739
ord6278
ord3728
ord2857
ord4118
ord3291
ord925
ord6003
ord3288
ord3281
ord4238
ord5155
ord5156
ord5154
ord4899
ord4736
ord4970
ord4942
ord4352
ord4371
ord5283
ord4829
ord3694
ord768
ord2350
ord4848
ord6024
ord5617
ord1083
ord5603
ord5706
ord4709
ord1683
ord4433
ord2046
ord4425
ord3695
ord496
ord4254
ord5845
ord2876
ord3470
ord5284
ord5050
ord2520
ord1941
ord818
ord5274
ord5714
ord1561
ord1177
ord2621
ord1134
ord1258
ord1761
ord6451
ord933
ord2290
ord2291
ord4283
ord4280
ord3312
ord413
ord711
ord6298
ord4163
ord5798
ord3093
ord3867
ord1764
ord6362
ord2405
ord2016
ord4214
ord2573
ord4395
ord3634
ord832
ord5446
ord6390
ord5436
ord6379
ord3693
ord2637
ord536
ord6136
ord654
ord341
ord2754
ord5854
ord3562
ord602
ord1817
ord338
ord4817
ord652
ord4233
ord3737
ord5790
ord5785
ord6115
ord6017
ord6166
ord2746
ord640
ord2397
ord5869
ord5781
ord837
ord1633
ord920
ord323
ord836
ord3494
ord4780
ord810
ord4266
ord489
ord4253
ord1936
ord1127
ord643
ord2443
ord5978
ord329
ord3197
msvcrt
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
__p__commode
_wcmdln
exit
_XcptFilter
_exit
_except_handler3
bsearch
_fcloseall
_vsnwprintf
clearerr
fputs
_purecall
wcstok
_wfopen
_mbslen
_mbscpy
_wcsdup
_getpid
_filelength
fwrite
ftell
__set_app_type
__p__fmode
fclose
_open_osfhandle
_fdopen
fseek
_putenv
_errno
mktime
swscanf
time
_tzset
localtime
_wcsrev
calloc
realloc
malloc
free
_EH_prolog
__CxxFrameHandler
_controlfp
ungetc
fgetc
__dllonexit
_onexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
fflush
fread
advapi32
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegUnLoadKeyW
CloseServiceHandle
RegOpenKeyExA
RegQueryValueExA
RegisterEventSourceW
ReportEventW
GetUserNameW
CheckTokenMembership
RegDeleteValueW
InitializeSecurityDescriptor
InitializeAcl
SetSecurityDescriptorDacl
ReadEncryptedFileRaw
WriteEncryptedFileRaw
StartServiceW
EnumDependentServicesW
RegSetValueExW
RegCreateKeyExW
LookupAccountSidW
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
QueryServiceStatus
BackupEventLogW
OpenServiceW
OpenSCManagerW
FreeSid
AddAccessAllowedAce
DeleteAce
EqualSid
GetAce
GetSecurityDescriptorDacl
AllocateAndInitializeSid
RegConnectRegistryW
OpenThreadToken
RegEnumKeyExW
RegEnumValueW
RegSaveKeyW
RegReplaceKeyW
ControlService
RegFlushKey
RegLoadKeyW
RegRestoreKeyW
DecryptFileW
EncryptFileW
CloseEventLog
OpenEncryptedFileRawW
CloseEncryptedFileRaw
OpenEventLogW
kernel32
ReadFile
GetDateFormatW
GetTimeFormatW
CompareStringW
MoveFileW
SetFileAttributesW
GetFileAttributesW
GetVolumeInformationW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetCurrentDirectoryA
MoveFileExW
SetErrorMode
SetFilePointer
DeleteFileW
FindFirstFileW
FindNextFileW
FindClose
GetSystemTime
GetLocalTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetLocaleInfoW
GetNumberFormatW
EnterCriticalSection
LeaveCriticalSection
WriteFile
TerminateThread
InitializeCriticalSection
GetComputerNameW
Sleep
LoadLibraryW
GetProcAddress
GetCurrentProcess
CreateSemaphoreW
ReleaseSemaphore
CreateThread
WaitForSingleObject
GetExitCodeThread
GetSystemDirectoryW
GetDriveTypeW
CreateFileW
DeviceIoControl
CloseHandle
GlobalMemoryStatus
GetModuleFileNameW
GetVersionExW
GetWindowsDirectoryW
GetCurrentThread
ExitThread
SetEndOfFile
SetTapePosition
GetTapePosition
ExpandEnvironmentStringsW
CreateDirectoryW
GetLastError
GetCurrentThreadId
DeleteCriticalSection
GetModuleHandleW
MultiByteToWideChar
FindResourceW
LoadLibraryA
LockResource
LoadResource
CreateMutexW
ReleaseMutex
GetExitCodeProcess
CreateProcessW
TerminateProcess
CopyFileW
GetTickCount
GetPrivateProfileStringW
CreateEventW
WritePrivateProfileStringW
FreeLibrary
WideCharToMultiByte
SetEvent
RemoveDirectoryW
SetFileTime
BackupWrite
SystemTimeToFileTime
LocalFileTimeToFileTime
GetCompressedFileSizeW
GlobalAlloc
FormatMessageW
GlobalFree
GetEnvironmentVariableW
BackupRead
LocalFree
LockFile
GetFileSize
GetVolumeNameForVolumeMountPointW
SetLastError
GetDiskFreeSpaceExW
GetFileInformationByHandle
SetTapeParameters
GetTapeParameters
FlushFileBuffers
WriteTapemark
GetTapeStatus
BackupSeek
GetStartupInfoW
PrepareTape
EraseTape
gdi32
GetMapMode
CreateFontIndirectW
CreateRectRgn
Polygon
Rectangle
BitBlt
GetObjectW
CreateCompatibleDC
DeleteObject
SelectObject
GetTextExtentPointW
PatBlt
CombineRgn
CreateBitmap
CreateCompatibleBitmap
user32
EnableWindow
GetWindowThreadProcessId
LoadBitmapW
PostMessageW
ScreenToClient
GetIconInfo
CreateIconIndirect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
CreateIconFromResource
DestroyIcon
wvsprintfW
LoadStringW
PeekMessageW
PostQuitMessage
WaitMessage
MessageBeep
GetCapture
SetActiveWindow
GetAsyncKeyState
SetCursor
SetWindowLongW
GetWindowLongW
MessageBoxW
GetCursorPos
IsCharAlphaW
IsCharAlphaNumericW
GetKeyState
CopyRect
InflateRect
DrawFocusRect
MapDialogRect
InvalidateRgn
SetParent
GetSystemMetrics
LoadMenuW
FlashWindow
SetTimer
KillTimer
ClientToScreen
SendMessageW
GetNextDlgGroupItem
RemoveMenu
GetClientRect
LoadCursorW
LoadIconW
DefWindowProcW
UnregisterClassW
UpdateWindow
GetFocus
GetActiveWindow
WindowFromPoint
wsprintfW
IsIconic
EnableMenuItem
GetParent
SetClassLongW
GetSysColor
InvalidateRect
ExitWindowsEx
LoadImageW
GetMenuItemID
GetSubMenu
GetMenu
SetWindowsHookExW
AppendMenuW
ReleaseDC
CallNextHookEx
UnhookWindowsHookEx
GetWindow
DeleteMenu
IsWindow
GetMenuItemCount
SystemParametersInfoW
GetDC
IsWindowVisible
BringWindowToTop
GetWindowRect
ChildWindowFromPoint
Sections
.text Size: 782KB - Virtual size: 781KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 19KB - Virtual size: 63KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 359KB - Virtual size: 380KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
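To check the Headers and Sections figures above against the raw file rather than taking the report on trust, here is an added Python example; it is not the sandbox's own code and does not come from the analysed sample. It walks the COFF header, the optional header's DllCharacteristics field and the section table with the standard library only, decodes them into the IMAGE_* names the report uses, and records what a triager takes from them: relocations stripped with no DYNAMIC_BASE means the image cannot be rebased, so it never gets ASLR; no NX_COMPAT means no DEP opt-in; and both .text and .rsrc carry MEM_WRITE together with MEM_EXECUTE. The bytes it parses are a PE32 constructed in-code to carry this report's flags and section sizes (an assumption standing in for the real file); hand the contents of a real file to parse_pe to run it on a sample.

```python
"""Decode PE header flags and section characteristics the way a static report
does, then apply the flag-level checks a triager runs before any dynamic run.
Added example; the PE parsed here is constructed in-code to mirror this
report's flags and is not the analysed sample."""
import struct

FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x0200: "IMAGE_FILE_DEBUG_STRIPPED",
    0x2000: "IMAGE_FILE_DLL",
}
DLL_CHARACTERISTICS = {
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
SECTION_CHARACTERISTICS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}


def decode(value, table):
    """Expand a bitmask into IMAGE_* names, lowest bit first (the report's order)."""
    return [name for bit, name in sorted(table.items()) if value & bit]


def parse_pe(data):
    """DOS header -> PE signature -> COFF header -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    # DllCharacteristics sits at offset 70 of the optional header in both PE32 and PE32+.
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    sections = []
    for i in range(nsec):
        name, vsize, _, rawsize, _, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode(), "virtual_size": vsize,
                         "raw_size": rawsize,
                         "characteristics": decode(chars, SECTION_CHARACTERISTICS)})
    return {"machine": machine,
            "file_characteristics": decode(file_chars, FILE_CHARACTERISTICS),
            "dll_characteristics": decode(dll_chars, DLL_CHARACTERISTICS),
            "sections": sections}


def triage(pe):
    """Flag-level observations: mitigations not opted into, and W+X sections."""
    findings = []
    if "IMAGE_FILE_RELOCS_STRIPPED" in pe["file_characteristics"]:
        findings.append("relocations stripped: image cannot be rebased, so ASLR cannot apply")
    if "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE" not in pe["dll_characteristics"]:
        findings.append("DYNAMIC_BASE not set: no ASLR opt-in")
    if "IMAGE_DLLCHARACTERISTICS_NX_COMPAT" not in pe["dll_characteristics"]:
        findings.append("NX_COMPAT not set: no DEP opt-in")
    for s in pe["sections"]:
        c = set(s["characteristics"])
        if {"IMAGE_SCN_MEM_EXECUTE", "IMAGE_SCN_MEM_WRITE"} <= c:
            findings.append(f"{s['name']}: writable and executable (W+X)")
        if s["name"] == ".rsrc" and "IMAGE_SCN_CNT_CODE" in c:
            findings.append(".rsrc: resource section flagged as code")
    return findings


def build_sample_pe():
    """Constructed PE32 carrying this report's flags and sizes (not the real file)."""
    secs = [(b".text", 781 * 1024, 782 * 1024, 0xE0000060),
            (b".data", 63 * 1024, 19 * 1024, 0xC0000040),
            (b".rsrc", 380 * 1024, 359 * 1024, 0xE0000060)]
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)           # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(secs), 0, 0, 0, 224, 0x030F)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                         # PE32 magic
    struct.pack_into("<H", opt, 70, 0x8000)                       # TERMINAL_SERVER_AWARE only
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, 0x1000, rs, 0x400, 0, 0, 0, 0, ch)
                     for n, vs, rs, ch in secs)
    return dos + b"PE\0\0" + coff + bytes(opt) + table


if __name__ == "__main__":
    pe = parse_pe(build_sample_pe())
    for s in pe["sections"]:
        print(s["name"], s["characteristics"])
    for f in triage(pe):
        print("!", f)
```

The .data gap between raw size (19KB) and virtual size (63KB) is ordinary zero-filled data and is not flagged. The write bit on .text and the code/execute bits on .rsrc are the ones worth a look in the disassembler, since a normal linker emits neither; confirm the section table by hand before reading anything into them, as a report that decodes flags from a damaged or packed header can show the same pattern.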